<?php
//registration - adding to database
function user_register(){
	global $conf, $GLOBALS['lang']['users'];

	SQLvalidate($_POST['group']);

	$db = new dbquery;

	$db->query("SELECT * FROM $conf[prefix_users]users WHERE login = '".$_POST['login'.$_POST['anti_auto_fill']]."'") or $db->err(__FILE__, __LINE__);
	$exists=$db->num_rows();

	if(!perms_check('users', 'register'))
	{
		redirect('index.php?module=error&error=auth_error');
		exit();
	}
	if($exists != 0) //checking if login already exists
	{
		redirect('index.php?module=error&action=users&error=register_error1');
		exit();
	}
	//checking fields
	if(!$_POST['login'.$_POST['anti_auto_fill']] or !$_POST['mail'] or !$_POST['passwd'.$_POST['anti_auto_fill']])
	{
		redirect('index.php?module=error&action=users&error=register_error2');
		exit();
	}
	//checking password
	if($_POST['passwd'.$_POST['anti_auto_fill']] != $_POST['passwd2'.$_POST['anti_auto_fill']])
	{
		redirect('index.php?module=error&action=users&error=register_error4');
		exit();
	}
	if((strlen($_POST['passwd'.$_POST['anti_auto_fill']]) < 5) || (!ereg("^[[:alnum:]]*$", $_POST['passwd'.$_POST['anti_auto_fill']])))
	{
		redirect('index.php?module=error&action=users&error=register_error5');
		exit();
	}
	if(!verify_mail($_POST['mail']))
	{
		redirect('index.php?module=error&action=users&error=register_error3');
		exit();
	}
	if($conf['img_pass'] && !perms_check('users', 'edit'))
	{
		if(!img_pwd_validate($_POST['img_pass']))
		{
			redirect('index.php?module=error&action=users&error=register_error6');
			exit();
		}
	}

	if(($_POST['group']) && perms_check('users', 'change_group')){
		switch(get_group_type($_POST['group'])){
		case -1:
			if($_POST['group'] == 1){
				redirect('index.php?module=error&error=group_error6');
				exit();
			}
			break;
		}
		$group = $_POST['group'];
	}
	else
		$group = 2;

	$pwd = md5($_POST['passwd'.$_POST['anti_auto_fill']]);

	//signature
	$_POST['signature']=post_text_comments($_POST['signature']);
	//

	if($_POST['autologin'] == 'true')
		$autologin = 1;
	else
		$autologin = 0;
		
	if($_POST['mailing'] == 'true')
		$mailing = 1;
	else
		$mailing = 0;
			
	if($conf['user_admin_activation'] == 1)
		$active = 0;
	else
		$active = 1;

	$db->query("INSERT INTO $conf[prefix_users]users  (`id` , `login` , `pass` , `avatar` , `signature` , `name` , `surname` , `mail` , `icq` , `gg` , `o2` , `theme` , `lang` , `website` , `location` , `reg_date` , `last_visit` , `buddies` , `points` , `active` , `autologin` , `gid` , `mailing`) VALUES ('', '".$_POST['login'.$_POST['anti_auto_fill']]."', '$pwd', '', '$_POST[signature]', '$_POST[name]', '$_POST[surname]', '$_POST[mail]', '$_POST[icq]', '$_POST[gg]', '$_POST[o2]', '$_POST[thm]', '$_POST[lng]', '$_POST[website]', '$_POST[location]', '".date('Y-m-d')."', '".date('Y-m-d H:i:s')."', '', '', $active, $autologin, $group, $mailing)") or $db->err(__FILE__, __LINE__);
	$_POST['user_id']=$db->insert_id();

	//plugins for users_register, use $_POST['user_id'] for id of current user
	plugins('users/functions/user_register/');
	//
	
	//avatar
	if($_POST['how_image'] == 'http') {
		//checking prefix 'http://'
		if(substr($_POST['image_http'], 0, 7) == 'http://')
			$url = $_POST['image_http'];
		else
			$url = 'http://'.$_POST['image_http'];

		$ext = end($foo = explode(".", $url));
		if(!eregi("^(gif|jpg|jpeg|png)$", $ext)) {
			redirect('index.php?module=error&error=avatar_error3');
			exit();
		}

		//upload
		upload_image_from_url($url, $conf['avatar_upload'].$usr['id'].'.'.$ext, false);

		//resize
		make_image_minature($conf['avatar_upload'].$usr['id'].'.'.$ext, $conf['avatar_upload'].$usr['id'].'.'.$ext, $conf['avatar_max_x'], $conf['avatar_max_y'], false);

		//delete if too big
		if(filesize($conf['avatar_upload'].$usr['id'].'.'.$ext)>1024*$conf['avatar_max_size']) {
			unlink_safe_mode($conf['avatar_upload'].$usr['id'].'.'.$ext);
			redirect('index.php?module=error&error=avatar_error2');
			exit;
		} else
			$avatar = $usr['id'].'.'.$ext;
	}
	elseif($_POST['how_image'] == 'form') {
		//size
		if($_FILES['image_form']['size'] > $conf['avatar_max_size']*1024) {
			redirect('index.php?module=error&error=avatar_error2');
			exit();
		}

		//extension
		$ext = end($foo = explode(".", $_FILES['image_form']['name']));
		if(!eregi("^(gif|jpg|jpeg|png)$", $ext)) {
			redirect('index.php?module=error&error=avatar_error3');
			exit();
		}

		//upload
		upload_image_form($_FILES['image_form'], $conf['avatar_upload'].$usr['id'].'.'.$ext, false);

		//resize
		make_image_minature($conf['avatar_upload'].$usr['id'].'.'.$ext, $conf['avatar_upload'].$usr['id'].'.'.$ext, $conf['avatar_max_x'], $conf['avatar_max_y'], false);

		$avatar = $usr['id'].'.'.$ext;
	}
	else
		$avatar = '';

	$db->query("UPDATE $conf[prefix_users]users SET avatar='$avatar' WHERE id=".$_POST['user_id']) or $db->err(__FILE__, __LINE__);
	//avatar end

	//add log
	
	//

	if($_POST['admin'] == 1){
		redirect('index.php?module=admin&action=users');
		exit();
	}

	redirect('index.php?module=users&action=thx&name='.$_POST['login'.$_POST['anti_auto_fill']]);
	exit();
}
//melljeha

//editing user settings
function user_edit() {
	global $conf, $GLOBALS['lang']['users'];

	SQLvalidate($_GET['group']);

	if($_SESSION['logged_in'] == 1) {
		$db = new dbquery;
		$db->query("SELECT * FROM $conf[prefix_users]users WHERE id = $_POST[user_id]") or $db->err(__FILE__, __LINE__);
		$usr = $db->fetch_array();
		$db->query("SELECT * FROM $conf[prefix_users]users WHERE login = '".$_POST['login'.$_POST['anti_auto_fill']]."'") or $db->err(__FILE__, __LINE__);

		if(($_SESSION['id'] != $_POST['user_id']) && !perms_check('users', 'edit'))  {
			plugins('std/unauth/');
			redirect('index.php?module=error&error=auth_error');
			exit();
		}
		elseif($db->num_rows()!=0 && $usr['login']!=$_POST['login'.$_POST['anti_auto_fill']])  {
			redirect('index.php?module=error&action=users&error=register_error1');
			exit();
		}
		elseif($_POST['passwd'.$_POST['anti_auto_fill']] != $_POST['passwd2'.$_POST['anti_auto_fill']]) {
			redirect('index.php?module=error&action=users&error=register_error4');
			exit();
		}
		elseif(((strlen($_POST['passwd'.$_POST['anti_auto_fill']]) < 5) && ($_POST['passwd'.$_POST['anti_auto_fill']] != '')) || (!ereg("^[[:alnum:]]*$", $_POST['passwd'.$_POST['anti_auto_fill']]))) {
			redirect('index.php?module=error&action=users&error=register_error5');
			exit();
		}
		elseif(!verify_mail($_POST['mail'])){
			redirect('index.php?module=error&action=users&error=register_error3');
			exit();
		}
		else {
			//avatar
			if($_POST['how_image'] == 'no_change')
				$avatar = $usr['avatar'];
			elseif($_POST['how_image'] == 'http') {
				//checking prefix 'http://'
				if(substr($_POST['image_http'], 0, 7) == 'http://')
					$url = $_POST['image_http'];
				else
					$url = 'http://'.$_POST['image_http'];

				$ext = end($foo = explode(".", $url));
				if(!eregi("^(gif|jpg|jpeg|png)$", $ext)) {
					redirect('index.php?module=error&error=avatar_error3');
					exit();
				}

				//upload
				upload_image_from_url($url, $conf['avatar_upload'].$usr['id'].'.'.$ext, false);

				//resize
				make_image_minature($conf['avatar_upload'].$usr['id'].'.'.$ext, $conf['avatar_upload'].$usr['id'].'.'.$ext, $conf['avatar_max_x'], $conf['avatar_max_y'], false);

				//delete if too big
				if(filesize($conf['avatar_upload'].$usr['id'].'.'.$ext)>1024*$conf['avatar_max_size']) {
					unlink_safe_mode($conf['avatar_upload'].$usr['id'].'.'.$ext);
					redirect('index.php?module=error&error=avatar_error2');
					exit;
				} else
					$avatar = $usr['id'].'.'.$ext;
			}
			elseif($_POST['how_image'] == 'form') {
				//size
				if($_FILES['image_form']['size'] > $conf['avatar_max_size']*1024) {
					redirect('index.php?module=error&error=avatar_error2');
					exit();
				}

				//extension
				$ext = end($foo = explode(".", $_FILES['image_form']['name']));
				if(!eregi("^(gif|jpg|jpeg|png)$", $ext)) {
					redirect('index.php?module=error&error=avatar_error3');
					exit();
				}

				//upload
				upload_image_form($_FILES['image_form'], $conf['avatar_upload'].$usr['id'].'.'.$ext, false);

				//resize
				make_image_minature($conf['avatar_upload'].$usr['id'].'.'.$ext, $conf['avatar_upload'].$usr['id'].'.'.$ext, $conf['avatar_max_x'], $conf['avatar_max_y'], false);

				$avatar = $usr['id'].'.'.$ext;
			}
			else
				$avatar = '';

			//website
			if(substr($_POST['website'], 0, 7) != 'http://' && strlen($_POST['website'])!=7)
				$_POST['website'] = 'http://'.$_POST['website'];
			//

			//tlen
			$_POST['o2'] = explode("@", $_POST['o2']);
			$_POST['o2'] = $_POST['o2'][0];
			//			

			//signature
			$_POST['signature']=post_text_comments($_POST['signature']);
			//

			if($_POST['mailing'])
				$mailing = 1;
			else
				$mailing = 0;

			$zapytanie = "UPDATE $conf[prefix_users]users SET login = '".$_POST['login'.$_POST['anti_auto_fill']]."', name = '$_POST[name]', surname = '$_POST[surname]', mail = '$_POST[mail]', gg = '$_POST[gg]', icq = '$_POST[icq]', o2 = '$_POST[o2]', website = '$_POST[website]', location = '$_POST[location]', signature = '$_POST[signature]', avatar = '$avatar', theme = '$_POST[thm]', lang = '$_POST[lng]', mailing = $mailing, f1 = '$_POST[f1]', f2 = '$_POST[f2]', f3 = '$_POST[f3]', f4 = '$_POST[f4]'";

			if(($_POST['group']) && perms_check('users', 'change_group')) {
				switch(get_group_type($_POST['group'])) {
				case -1:
					if($_POST['group'] == 1) {
						redirect('index.php?module=error&error=group_error6');
						exit();
					}
					break;
				}

				$zapytanie .= ", gid = $_POST[group]";
			}

			if($_POST['passwd'.$_POST['anti_auto_fill']] != '') {
				$pwd = md5($_POST['passwd'.$_POST['anti_auto_fill']]);
				$zapytanie .= ", pass = '$pwd'";
			}
			if($_POST['autologin'] == 'true') {
				$autologin = 1;
				if($_SESSION['id'] == $usr['id']) {
					setcookie("autologin_".$conf['session_name'], $usr['login'], (time()+3600*24*7), NULL, $conf['cookie_domain']);
					if($pwd != $usr['pass'])
						setcookie("passwd_".$conf['session_name'], md5($pwd), (time()+3600*24*7), NULL, $conf['cookie_domain']);
					else
						setcookie("passwd_".$conf['session_name'], md5($usr['pass']), (time()-3600*24*7), NULL, $conf['cookie_domain']);
				}
			}
			else {
				$autologin = 0;
				if($_SESSION['id'] == $usr['id']) {
					if($_COOKIE['autologin_'.$conf['session_name']])
						setcookie("autologin_".$conf['session_name'], $usr['login'], (time()-3600*24*365), NULL, $conf['cookie_domain']);
					if($_COOKIE['passwd_'.$conf['session_name']])
						setcookie("passwd_".$conf['session_name'], md5($pwd), (time()-3600*24*365), NULL, $conf['cookie_domain']);
				}
			}

			//active
			if(perms_check('users', 'edit') && $_POST['admin']){
				if($_POST['active']=='true')
					$zapytanie .= ", active = 1";
				else
					$zapytanie .= ", active = 0";
			}
			//

			$zapytanie .= ", autologin = $autologin WHERE id = '$_POST[user_id]'";

			$db->query($zapytanie) or $db->err(__FILE__, __LINE__);
			
			//plugins for users_edit, use $_POST['user_id'] for id of current user
			plugins('users/functions/user_edit/');
			//
			
			//add log
			
			//

			//czyszczenie cachu mysql
			$db->clear_cache('user_by_id_'.$usr['id'].'.cache', 'users');
			//

			if($_SESSION['id'] == $_POST['user_id']) {
				if(in_array($_POST['thm'], get_theme_array()))
					$_SESSION['theme'] = $_POST['thm'];
				if(in_array($_POST['lng'], get_lang_list())) {
					$_SESSION['lang_short'] = $_POST['lng'];
				}
			}
		}
	}
	else {
		redirect('index.php?module=users&action=login');
		exit();
	}
	if($_POST['admin'] == 1)
	{
		redirect($_SESSION['redirect_2']);
		exit();
	}
	redirect('index.php?module=users&action=profile');
	exit();
}
//

//deleting user
function user_delete()
{
	global $conf;

	SQLvalidate($_GET['id']);

	if(!perms_check('users', 'delete'))
	{
		plugins('std/unauth/');
		redirect('index.php?module=error&error=auth_error');
		exit();
	}
	else
	{
		$db = new dbquery;

		$db->query("SELECT * FROM $conf[prefix_users]users WHERE id = $_GET[id]") or $db->err(__FILE__, __LINE__);
		$u=$db->fetch_object();

		if(is_module_installed('comments')) {
			$db->query("SELECT * FROM $conf[prefix]comments WHERE who = $u->id") or $db->err(__FILE__, __LINE__);
			//usuwanie komentarzy
			include_once('includes/functions/comments.php');
			while($d = $db->fetch_object()){
				$_GET['id']=$d->id;
				$_GET['what']=$d->what;
				$_GET['whatid']=$d->whatid;
				comment_delete(false, false);
			}
		}

		//plugins for users_register, use $_POST['user_id'] for id of current user
		plugins('users/functions/user_delete/');
		//
		
		//add log
		
		//

		//czyszczenie cachu mysql
		$db->clear_cache('user_by_id_'.$_GET['id'].'.cache', 'users');
		//

		$db->query("DELETE FROM $conf[prefix_users]users WHERE id = $_GET[id]") or $db->err(__FILE__, __LINE__);
	}

	redirect($_SESSION['redirect_2']);
}
//

function user_activate() {
	global $conf;
	if(is_numeric($_GET['id']) && is_numeric($_GET['active'])) {
		$db = new dbquery;
		$db->query("SELECT * FROM $conf[prefix_users]users WHERE id = $_GET[id]") or $db->err(__FILE__, __LINE__);  
		$u=$db->fetch_object();
		
		if($db->num_rows() == 0) {
			redirect('index.php?module=error&action=users&error=error1'); 
			exit();
		}

		if(!perms_check('users', 'edit') or ($u->gid==3 && $GLOBALS['gid']!=3)) {
			redirect('index.php?module=error&error=auth_error');
			exit;
		}	

		if($_GET['active'])
			$active=1;
		else
			$active=0;
		
		$db->query("UPDATE $conf[prefix_users]users SET active=$active WHERE id = $_GET[id]") or $db->err(__FILE__, __LINE__);  
	}
			
	redirect($_SESSION['redirect_1']);
	exit;
}

//logging user in if $_COOKIE['autologin']
function autologin() {
	global $conf, $GLOBALS['lang']['users'];

	if(!$_SESSION['logged_in'] && $_COOKIE['autologin_'.$conf['session_name']] && $_COOKIE['passwd_'.$conf['session_name']]) {
		$db = new dbquery;
		$db->query("SELECT * FROM $conf[prefix_users]users WHERE login = '".$_COOKIE['autologin_'.$conf['session_name']]."'");

		//checking if user exists in db
		if($db->num_rows() == 0) {
			setcookie("autologin_".$conf['session_name'], $_COOKIE['autologin_'.$conf['session_name']], (time()-3600*24*7), NULL,  $conf['cookie_domain']);
			setcookie("passwd_".$conf['session_name'], $_COOKIE['passwd_'.$conf['session_name']], (time()-3600*24*7), NULL,  $conf['cookie_domain']);
			redirect('index.php');
			exit;
		}

		$d = $db->fetch_object();
		if($d->active == 0 || $_COOKIE['passwd_'.$conf['session_name']] != md5($d->pass)) {
			setcookie("autologin_".$conf['session_name'], $_COOKIE['autologin_'.$conf['session_name']], (time()-3600*24*7), NULL,  $conf['cookie_domain']);
			setcookie("passwd_".$conf['session_name'], $_COOKIE['passwd_'.$conf['session_name']], (time()-3600*24*7), NULL,  $conf['cookie_domain']);
			redirect('index.php');
			exit;
		}
		else {
			$_SESSION['login'] = $d->login;
			$_SESSION['id'] = $d->id;
			$_SESSION['logged_in'] = 1;

			//if theme exists
			if(in_array($d->theme, get_theme_array()))
			$_SESSION['theme'] = $d->theme;
			else
			$db->query("UPDATE $conf[prefix_users]users SET theme='$conf[theme]' WHERE id=$d->id");
			//

			$_SESSION['last_visit']= $d->last_visit;

			//change last_visit to current_visit
			$db->query("UPDATE $conf[prefix_users]users SET last_visit='".date('Y-m-d H:i:s')."' WHERE id=$d->id");
			//
			
			//update autologin cookies
			setcookie("autologin_".$conf['session_name'], $_SESSION['login'], (time()+3600*24*7), NULL,  $conf['cookie_domain']);
			setcookie("passwd_".$conf['session_name'], md5($d->pass), (time()+3600*24*7), NULL,  $conf['cookie_domain']);
			//
		}
		
		//continue doing the script
		//redirect('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
		//exit;
	}
}

//logging user in
function login() {
	global $conf, $GLOBALS['lang']['users'];

	if(!$_SESSION['logged_in']) {
		$db = new dbquery;
		$db->query("SELECT * FROM $conf[prefix_users]users WHERE login = '$_POST[login]'");

		//checking if user exists in db
		$znaleziono = $db->num_rows();
		if($znaleziono == "0") {
			redirect('index.php?module=users&action=login&error=1&site='.$_POST['site']);
			exit;
		}
		//
		$d = $db->fetch_object();
		if($d->active == 0) {
			redirect('index.php?module=users&action=login&error=4&site='.$_POST['site']);
			exit;
		}
		elseif(md5($_POST['passwd']) != $d->pass) {
			redirect('index.php?module=users&action=login&error=2&site='.$_POST['site']);
			exit;
		}
		else {
			$_SESSION['login'] = $d->login;
			$_SESSION['id'] = $d->id;
			$_SESSION['logged_in'] = 1;

			//if theme exists
			if(in_array($d->theme, get_theme_array()))
			$_SESSION['theme'] = $d->theme;
			else
			$db->query("UPDATE $conf[prefix_users]users SET theme='$conf[theme]' WHERE id='$d->id'");
			//

			$_SESSION['last_visit']= $d->last_visit;
			$autologin = $d->autologin;
			$passwd = $d->pass;

			//change last_visit to current_visit
			$db->query("UPDATE $conf[prefix_users]users SET last_visit='".date('Y-m-d H:i:s')."' WHERE id='$d->id'");
			//

			//update record from online
			$db->query("UPDATE $conf[prefix]online SET logged_in='$_SESSION[id]' WHERE sid='".session_id()."'");
			//
			
			//autologin cookie
			if($_POST['autologin'] != 0 && (!$_COOKIE['autologin_'.$conf['session_name']] || !$_COOKIE['passwd_'.$conf['session_name']])) {
				setcookie("autologin_".$conf['session_name'], $_SESSION['login'], (time()+3600*24*7), NULL,  $conf['cookie_domain']);
				setcookie("passwd_".$conf['session_name'], md5($passwd), (time()+3600*24*7), NULL,  $conf['cookie_domain']);
			}
		}
	}
	
	if(!$_POST['site']) $_POST['site']=$_GET['site'];
	if($_POST['site']) {
		redirect($_POST['site']);
		exit;
	}
	elseif(eregi("error", $_SERVER['HTTP_REFERER'])) {
		redirect('index.php');
		exit;
	}
	else {
		redirect($_SERVER['HTTP_REFERER']);
		exit;
	}
}
//

//logging user out
function logout() {
	global $conf;

	if($_SESSION['logged_in'] == 1) {
		unset($_SESSION['login'], $_SESSION['id'], $_SESSION['logged_in'], $_SESSION['online_id']);
		session_destroy();

		//removing autologin information
		if($_COOKIE['autologin_'.$conf['session_name']])
		setcookie("autologin_".$conf['session_name'], $_COOKIE['autologin_'.$conf['session_name']], (time()-3600*24*7), NULL,  $conf['cookie_domain']);
		if($_COOKIE['passwd_'.$conf['session_name']])
		setcookie("passwd_".$conf['session_name'], $COOKIE['passwd_'.$conf['session_name']], (time()-3600*24*7), NULL,  $conf['cookie_domain']);
		//

		//user visited us so we have to set $_SESSION['visit'] to visited (for stats)
		session_start($conf['session_name']);
		$_SESSION['visit']='visited';
		//

		$db = new dbquery;
		//update record from online
		$db->query("UPDATE $conf[prefix]online SET logged_in='0' WHERE sid='".session_id()."'");
		//
	}

	redirect($_SERVER['HTTP_REFERER']);
	exit;
}

function users_mailing_send()
{
	global $conf;

	if(!perms_check('admin', 'mailing'))
	{
		redirect('index.php?module=error&error=auth_error');
		exit;
	}

	$db=new dbquery;

	if(function_exists(mail))
	{
		$message = read_text_rest($_POST['message'].$GLOBALS['lang']['users']['mailing_signature']);
		$subject=read_text_rest($conf['adress'].' - '.$_POST['subject']);

		if($_POST['how'] == 'all')
		{
			$db->query("SELECT * FROM $conf[prefix_users]users WHERE mailing = 1 and active = 1") or $db->err(__FILE__, __LINE__);

			$userEmails=array();
			while($d = $db->fetch_object())
				$userEmails[]=$d->mail;

			$userEmails=implode(', ', $userEmails).', ';
			if(!mail($userEmails, $subject, $message, "From: $conf[mailing_from]\r\n"."Reply-To: $conf[mailing_reply_to]\r\n"."X-Mailer: PHP/".phpversion()))
			{
				redirect('index.php?module=admin&action=users&cmd=mailing_notsent');
				exit;
			}
		}
		elseif($_POST['how'] == 'users')
		{
			for($i = 0; $i < count($_REQUEST['users']); $i++)
				SQLvalidate($_REQUEST['users'][$i]);

			$db->query("SELECT * FROM $conf[prefix_users]users WHERE mailing = 1 and active = 1 && id IN (".implode(', ', $_REQUEST['users']).")") or $db->err(__FILE__, __LINE__);

			$userEmails=array();
			while($d = $db->fetch_object())
				$userEmails[]=$d->mail;

			$userEmails=implode(', ', $userEmails).', ';
			if(!mail($userEmails, $subject, $message, "From: $conf[mailing_from]\r\n"."Reply-To: $conf[mailing_reply_to]\r\n"."X-Mailer: PHP/".phpversion()))
			{
				redirect('index.php?module=admin&action=users&cmd=mailing_notsent');
				exit;
			}
		}
		elseif($_POST['how'] == 'groups')
		{
			for($i = 0; $i < count($_REQUEST['groups']); $i++)
				SQLvalidate($_REQUEST['groups'][$i]);


			$db->query("SELECT * FROM $conf[prefix_users]users WHERE mailing = 1 and active = 1 and gid IN (".implode(', ', $_REQUEST['groups']).")") or $db->err(__FILE__, __LINE__);
			$userEmails=array();
			while($d = $db->fetch_object())
				$userEmails[]=$d->mail;

			$userEmails=implode(', ', $userEmails).', ';
			if(!mail($userEmails, $subject, $message, "From: $conf[mailing_from]\r\n"."Reply-To: $conf[mailing_reply_to]\r\n"."X-Mailer: PHP/".phpversion())) {
				redirect('index.php?module=admin&action=users&cmd=mailing_notsent');
				exit;
			} 
		}
		redirect('index.php?module=admin&action=users&cmd=mailing_sent');
		exit;
	}
	redirect('index.php?module=admin&action=users&cmd=mailing_notsent');
	exit;
}

function users_lost_password_send()
{
	global $conf;

	SQLvalidate($_GET['id']);

	$db=new dbquery;

	if($_GET['id'] && $_GET['code']) {
		$db->query("SELECT * FROM $conf[prefix_users]users WHERE id=$_GET[id]") or $db->err(__FILE__, __LINE__);

		if($db->num_rows()==0) {
			redirect('index.php?module=error&action=users&error=error1');
			exit;
		}

		$d=$db->fetch_object();

		if(md5($d->pass)!=$_GET['code']) {
			redirect('index.php?module=erro&action=users&error=lost_pass_error1');
			exit;
		}

		$time=time();
		$pass_=substr($time, (strlen($time)-6), strlen($time));
		$pass=md5($pass_);

		$title=string_template($GLOBALS['lang']['users']['lost_pass_title'], array('adress'=>$conf['adress']));
		$message=string_template($GLOBALS['lang']['users']['lost_pass_send'], array('login'=>$d->login, 'pass'=>$pass_));

		if(!@mail($d->mail, $title, $message, "From: $conf[mailing_from]")) {
			redirect('index.php?module=error&action=users&error=mailing_error');
			exit;
		}
		else {
			$db->query("UPDATE $conf[prefix_users]users SET pass='$pass' WHERE id=$_GET[id]") or $db->err(__FILE__, __LINE__);
			redirect('index.php?module=info&info=lost_pass_info2');
			exit;
		}
	}

	redirect('index.php');
	exit;
}

?>
